Coverage
Vulnerabilities
748 articles on vulnerability disclosures and exploits
Advertisement
NIST Limits NVD Enrichment Amid 263% Surge in CVE Submissions
NIST scales back enrichment of the National Vulnerability Database (NVD) due to a 263% volume increase, impacting vulnerability management workflows.
CVE-2026-5387: AVEVA Pipeline Simulation Privilege Escalation
Unauthenticated attackers can exploit CVE-2026-5387 in AVEVA Pipeline Simulation <=2025_SP1_build_7.1.9497.6351 to modify critical ICS simulation parameters and training
Apache ActiveMQ CVE-2026-34197: CISA KEV Update & Mitigation
CISA adds high-severity CVE-2026-34197 in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog. Learn how to secure your message broker infrastructure.
Marimo RCE via CVE-2024-41663 Exploited to Deliver NKAbuse Malware
Attackers are exploiting a critical RCE in Marimo Python notebooks (CVE-2024-41663) to deploy NKAbuse malware via Hugging Face. Update to version 0.7.5.
Microsoft Defender RedSun Zero-Day PoC Grants SYSTEM Privileges
Security researcher Chaotic Eclipse releases the RedSun zero-day PoC for Microsoft Defender, enabling local privilege escalation to SYSTEM on Windows devices.
Microsoft Defender Zero-Day and 17-Year-Old Excel RCE Exploitation
Analysis of recent threats including a Microsoft Defender zero-day, SonicWall brute-force campaigns, and critical RCE in legacy Microsoft Excel components.
AI-Powered Exploitation: Scaling Enterprise Defense at Machine Speed
As AI models accelerate vulnerability discovery and exploit development, enterprises must transition to automated security operations to mitigate growing risks.
CVE-2024-36985: Splunk Enterprise RCE via File Upload - Patch Guide
Splunk patches a high-severity RCE vulnerability (CVE-2024-36985) allowing low-privileged users to execute code on Windows-based Enterprise instances.
Cisco Webex Services CVE-2024-20419: Manual Patch Guidance
Cisco identifies a critical improper certificate validation flaw in Webex Services. This advisory details the required manual remediation steps for admins.
Cisco Patches Critical RCE and SSO Flaws in ISE and Webex Services
Cisco releases patches for four critical vulnerabilities, including CVE-2026-20184, which allows RCE and user impersonation in Identity Services and Webex.
Claude Code and Gemini CLI: Prompt Injection via Code Comments
Research reveals how Claude Code, Gemini CLI, and GitHub Copilot agents are vulnerable to prompt injection attacks via malicious source code comments.
Windows Server 2025 KB5082063 Update Fails to Install — Analysis
Microsoft is investigating reports of KB5082063 failing to install on Windows Server 2025, leaving systems potentially vulnerable to unpatched threats.